The Importance of WordPress Security And SSL Certificates

July 9, 2018

UPDATE: As of July 2018, the Chrome browser is now placing a Not Secure label to the left of http:// format web addresses in the browser address bar. That should be an incentive to get your site upgraded to use the https:// prefix, as well as the additional reasons below…

If you’re a member of Wealthy Affiliate, my #1 recommended affiliate-marketing course, you’ll have received an email from founder Kyle about the introduction of free SSL certificates for WordPress sites built and hosted on their SiteRubix system (members get free webhosting).

What is SSL And Why Is It Important?

SSL stands for Secure Sockets Layer, a technical term that won’t mean anything to the average internet user.

What it provides though is an additional layer of security on websites. You’ve seen some web addresses start with http:// and others start with https://. That “s” in https indicates that SSL is in operation on that site.

Up until recently, you’d generally have seen https addresses on e-commerce sites as they want to protect customer’s details and credit card info from hackers.

Last year, Google announced that any site using SSL would be ranked higher in their search engine. It’s an indicator that Google takes website security very seriously and is using it as a ranking factor.

So why isn’t every webmaster using it? Even if only for the ranking boost it provides?

Well, firstly because you have to pay for SSL certificates annually (though some webhosts are providing free certificates for customers) and secondly because you need a bit of technical know-how to set one up correctly. And most non-corporate webmasters don’t want to deal with that hassle.

What If You’re Not A Wealthy Affiliate Member?

…Or you self-host your websites?

CloudFlare is a web-security company that can provide some security measures to harden your sites against hack attacks. They offer a free plan as well as more comprehensive paid plans. They also offer a basic SSL certificate to users.

While the security and caching measures are easy enough to set up, getting a site to display correctly with a https:// prefix is problematic. There are a lot of settings you need to get just right and bumbling through them just isn’t the way to go.

Another web hosting company I recommend is A2Hosting as they also provide free SSL certificates for websites hosted there. It’s a one-click solution.

Site security is something a lot of webmasters simply don’t take seriously enough.

There are something like 74,000,000 WordPress sites online at the moment. Roughly 30,000 of those are hacked each and every day. That’s about 11,000,000 hacks per year.

In some cases, those hacks will go undetected because the webmaster is not paying much attention to his site.

It other cases, hacks are detected and one of two things happens:

The site is voluntarily, if reluctantly, taken offline so that the hackers can no longer (ab)use the site

The site is repaired, at some cost, and put back online, hopefully this time with better security measures in place

In all cases of a site hack, one of more or these will occur:

You will lose sales and conversions – affiliate links can be replaced with those of the hacker. If you market your own product or service, your visitors may see a defaced site and your customer’s information may be stolen. A suspicious-looking site will have visitors running for the hills. Permanently.

You will suffer reputational or brand damage – look at any of the recently reported hacks of big companies and how their reputations and stock prices have been affected once word got out. If your customer’s information is stolen, you’ll likely never be forgiven for it. If you’re an affiliate marketer, people will just bypass your site.

Your search engine rankings will drop – if your site gets flagged by Google as being infected with malware, your site and page rankings will drop significantly. In some cases, those rankings can never be recovered. You need to clean an infected site, contact Google and let them know you’ve done that and wait a considerable amount of time for them to re-review your site. All while there’s a notice over your site warning visitors it’s infected with malware.

Where site security is concerned, prevention is most definitely far more cost effective than cure and recovering from the collateral damage a hack can incur.

Those SSL Certificates Again

Cloud Defender goes a long way to helping secure your sites. I’m not going to lie to you; it’s not an all-in-one solution, and you will need to take additional measures to secure your sites. But it is a good starting point if you have little or no security measures in place on your blogs.

I’ve added it to the arsenal of anti-hacking tools I employ when building my own sites and sites I build for clients over at Top Design Blogs.

Just the fact that it makes setting up free SSL certs easy makes it worth the price ($14.95 at time of writing). I’ll write a review of Cloud Defender in my next post.

Great information. And glad I am with Wealthy Affiliate (WA). I have been very secure with the decision of going with WA and this clinches it even more. But it is still good to know this type of web security info. And of course you can never be too careful. I hope all the people who hack are sent to a special place in hell…

I’m glad I signed up with WA too, Brent. I’ve been building WordPress sites since before joining WA, so it just felt natural to keep creating self-hosted sites rather than use WA’s SiteRubix site management system. We’re all in an ongoing arms race with the hackers. Keeping up with the latest security tools and measures is now a necessity, unfortunately.